ALT-BU-2023-2770-1
Branch sisyphus_e2k update bulletin.
Package sqlite3 updated to version 3.41.0-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2023-11-07
CVE-2023-36191
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Package python3-module-keyring updated to version 23.14.0-alt1 for branch sisyphus_e2k.
Closed bugs
Please update to 23.14.0
Package sudo updated to version 1.9.13p2-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2023-01183
Vulnerability in the set_cmnd_path() function of the Sudo system administration program that allows an attacker to cause a denial of service
Modified: 2025-03-21
CVE-2023-27320
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
- http://www.openwall.com/lists/oss-security/2023/03/01/8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/
- https://security.gentoo.org/glsa/202309-12
- https://security.netapp.com/advisory/ntap-20230413-0009/
- https://www.openwall.com/lists/oss-security/2023/02/28/1
- https://www.sudo.ws/releases/stable/#1.9.13p2
Modified: 2024-11-21
CVE-2023-28486
Sudo before 1.9.13 does not escape control characters in log messages.
- https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
- https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
- https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html
- https://security.gentoo.org/glsa/202309-12
- https://security.netapp.com/advisory/ntap-20230420-0002/
Modified: 2024-11-21
CVE-2023-28487
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
- https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
- https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
- https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html
- https://security.gentoo.org/glsa/202309-12
- https://security.netapp.com/advisory/ntap-20230420-0002/
Package mate-menu updated to version 22.04.2-alt4 for branch sisyphus_e2k.
Closed bugs
The mate-menu settings menu does not open
Package python3-module-avro updated to version 1.11.1-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-43045
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.